TWI292556B - Method and memory medium having machine instructions for securely booting up electronic device by hashing code provided for execution during boot-up of electronic device and electronic device related therewith - Google Patents


Info

Publication number
TWI292556B
Authority
TW
Taiwan
Prior art keywords
code
electronic device
hash value
preloader
memory
Application number
TW092114953A
Other languages
Chinese (zh)
Other versions
TW200401228A (en)
Inventor
Morais Dinarte
Lange Jon
R Simon Daniel
Tony Chen Ling
D Benaloh Josh
Original Assignee
Microsoft Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/22 Microcontrol or microprogram arrangements
    • G06F 9/24 Loading of the microprogram
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot


Abstract

Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.

Description


IX. Description of the Invention

[Technical Field of the Invention]

The present invention relates generally to securely booting up an electronic device that includes a processor, and more specifically to ensuring that only the intended machine instructions are executed by the processor when such an electronic device is booted up, so as to prevent substitute or other machine instructions from being executed during the boot-up process.

[Prior Art]

Many electronic devices must go through a boot-up process when they are first powered on or reset. During the boot-up process, the machine instructions that control the basic operating characteristics of these electronic devices are typically accessed from read only memory (ROM) and executed to initialize the device and to enable other machine instructions to be loaded into random access memory (RAM), where they will be executed so that the electronic device can carry out its other functions. For example, when a personal computer is booted up, instructions comprising the basic input-output system (BIOS) are executed so that an operating system can be loaded from a hard disk drive into RAM and executed by the computer's central processing unit (CPU). The term "boot-up" is a short form of the earlier and more descriptive term "bootstrap".

Other electronic devices that must be booted up include game consoles, digital recording devices, personal data systems, and other electronic products containing some form of processor, which must execute an initial set of machine instructions before additional machine instructions can be loaded into memory and executed to provide other functions. Because the boot-up process determines the initial state of an electronic device, it directly affects the device's important operating parameters and has a substantial effect on how the device can be used after the boot-up process is complete. Preventing the boot-up process from being altered is important to a company that sells the electronic device, since it avoids loss of revenue that would otherwise result from use of the device.

For example, in the video game industry, the commercial value of a game console sold for playing video games derives from the licensing revenue generated by the game software executed on that console. Accordingly, the machine instructions loaded during the boot-up process can implement functions that prevent unauthorized game software from executing on the game console and enforce the manufacturer's policies concerning the use of the console for playing video games. Some users regard the restriction against executing unauthorized software, and the enforcement of these policies on the game console, as a challenge and as an unwelcome limitation on the use of the console. These users break through the restrictions by "hacking" the console's circuitry and software. For example, one way to circumvent the restrictions is to cause the boot-up process executed on a game console to load a modified software kernel in which something has been changed. Such changes remove the restrictions imposed by the console manufacturer, which causes the manufacturer to lose control over how the console is used and results in lost revenue if unauthorized game software can then be executed on the console. Console manufacturers therefore generally take measures to prevent hackers from executing an altered software kernel during the boot-up process.

Similar problems exist in other technical fields in which electronic devices must be booted up. For example, manufacturers of satellite television receivers limit the channels a user can receive according to the monthly fee the user pays, and need to be able to ensure that their security policies and product usage policies are followed, so that consumers can use the electronic device only according to the terms of their license. A hacker may be able to modify the software code so that the processor inside a satellite receiver determines that the user has paid to view television channels, thereby allowing the user to receive and view all channels without paying the appropriate fee.

Accordingly, it is desirable to ensure that only authorized software code can be executed during the boot-up of an electronic device. Any technique used should be able to prevent a modified set of machine instructions from replacing the authorized software that should be executed during the device's boot-up, thereby ensuring the functions and policies that the manufacturer and/or vendor of the electronic device intends to enforce. Known methods for preventing hackers from defeating the usage restrictions and policies of an electronic device (all of which are included in the software code loaded during the device's boot-up) have clearly not been entirely successful. By using an add-in circuit card containing substitute software code, and coupling that card into the circuitry of the electronic device, a hacker can at least partially defeat the known security policies. Clearly, a more secure and more rigorous method is needed to prevent substitute code from being inserted or executed during the boot-up process of an electronic device.

[Summary of the Invention]

The present invention is generally applicable to all electronic devices that include a processor and that must be booted up when first powered on or reset, before the device's other functions can be carried out. In such a device it is important to protect proprietary information used during the device's operation and to prevent unauthorized software code from being executed during the boot-up process.

The component most likely to be replaced in order to subvert the anti-tampering policies and functions of an electronic device is the non-volatile memory that stores the machine instructions defining how the electronic device may be used. Accordingly, the present invention can ensure that the code in this memory that comprises those machine instructions is authorized (that is, has not been modified or replaced by machine code that could change the functions and policies of the electronic device). In the present invention, the authorized code includes a predefined portion (also referred to as the preloader code). This predefined portion must remain the same even if changes are made to other portions of the authorized code, or the electronic device will not boot up.

A procedure is initially carried out to ensure that the predefined portion of the code is authorized. In this procedure, the predefined portion is hashed to produce a first hash value. The first hash value is then compared with a stored hash value, which is kept in a circuit component of the electronic device separate from the memory holding the code, to confirm that the predefined portion of the code is authorized. If the first hash value equals the stored hash value, the predefined portion of the code is executed; if they differ, the boot-up of the electronic device is terminated. When the predefined portion of the code is enabled, it hashes almost all of the code to determine a second hash value. A digital signature is included in a portion of the code other than the predefined portion. The second hash value is then used to verify the digital signature, to ensure its authenticity. If the digital signature proves to be genuine the code can be executed; if not, the boot-up of the electronic device is terminated.

[…] distributed among other kinds of auxiliary processors, such as an audio processor, an input processor, an output processor, a communications processor, or a digital signal processor. More preferably, the initial code and the expected hash value are stored in a processor that can execute the initial code. This initial code is executed to hash the predefined portion and to carry out the comparison of the first hash value with the stored hash value. In a preferred form of the invention, the initial code is permanently defined in firmware as a predetermined number of bits. In addition, the predefined portion of the code preferably comprises a predetermined number of bits of code located at a predetermined position within the code. Clearly, unless the stored hash value is changed correspondingly, the size and content of the predefined portion of the code cannot be modified, because the stored hash value would then no longer equal the first hash value.

The predefined code also includes a public key used to verify the digital signature, and machine instructions that enable an encrypted kernel portion of the code to be decrypted. The decrypted kernel is then executed to complete the boot-up of the electronic device. The predefined code uses a stream cipher to decrypt the kernel portion of the code.

Another aspect of the present invention relates to a memory medium on which code is stored, the code comprising machine instructions that are accessed during the boot-up of the electronic device to determine whether the code is authorized. The memory medium includes the kernel portion, the boot loader portion, the preloader portion, and the digital signature.

Another aspect of the present invention relates to an electronic device that must be booted up before it can operate. The electronic device includes a non-volatile memory in which a plurality of machine instructions are stored. The non-volatile memory includes a main portion and a preloader portion having a predefined content, size, and location. A processor is coupled to the non-volatile memory to execute the machine instructions during boot-up. A boot code firmware component carries machine instructions that define a hash algorithm and an expected hash value. The machine instructions of the boot code firmware are the first to be executed by the processor during boot-up of the electronic device, causing the processor to hash the preloader portion and compare the result with the expected hash value. The other details of the electronic device and its functions are generally the same as the method steps described above.

By using the present invention in an electronic device such as a game console, any attempt to change the machine instructions executed during the boot-up process, or to substitute another memory holding different machine instructions, will prevent the device from booting up successfully. The present invention thus prevents anyone from modifying the functions, or circumventing the policies, that the electronic device is meant to enforce, by ensuring that only authorized code can be executed during the device's boot-up.

[Detailed Description of the Preferred Embodiment]

It should be emphasized that the present invention is not limited to use in game consoles, although the preferred embodiment described in this specification is used in a game console.

The present invention was developed to ensure that proprietary information is not disclosed to users who want to reverse-engineer the code, and to prevent users from circumventing licensing restrictions and the policies associated with playing video games on the game console.

As shown in Figure 1, an exemplary video game system 100 includes a game console 102 and supports up to four controllers, such as controllers 104a and 104b. Game console 102 is equipped with […] (not shown) and a portable media drive 106 that accepts […] optical storage media, represented by optical storage disc 108. Examples of suitable portable storage media include DVD discs and CD-ROM discs. In this game system, game programs are preferably distributed on DVD discs for use on the game console, but other storage media may also be used to implement data security policies on a system using the present invention and to ensure the authenticity of digital data input to the system.

On the front of game console 102 are four slots 110 for connecting four controllers, although the number and arrangement of slots may differ. A power button 112 and an eject button 114 are also located on the front of game console 102. Power button 112 controls the supply of power to the console, and eject button 114 alternately opens and closes the tray (not shown) of portable media drive 106, allowing storage disc 108 to be inserted and removed so that the digital data on the disc can be read and used by the console. Game console 102 connects to a television or other display monitor or screen via audio/video (A/V) interface cable 120. A power cord plug 122 delivers power to the console when connected to a conventional AC power source (not shown). Game console 102 may further be provided with a data connector 124 for transmitting data over a network such as the Internet, via a conventional telephone modem or via a broadband connection.

Each controller 104a, 104b is coupled to game console 102 via a cable (or via a wireless interface). In the illustrated embodiment, the controllers are Universal Serial Bus (USB) compatible and are connected to game console 102 via USB cables 130. Game console 102 may be equipped with any of a variety of user devices for interacting with and controlling game software. Although not all details of controller 104a are shown in Figure 1, each controller 104a, 104b is equipped with two thumbsticks 132a and 132b, a D-pad 134, buttons 136, and two triggers 138. These controllers are merely representative, and other known game input and control mechanisms may be substituted for or added to those shown in Figure 1.

A removable or portable memory unit (MU) 140 may optionally be inserted into controller 104 to provide additional removable storage. A portable MU lets a user store game parameters and, by inserting the MU into another controller, play with those parameters on another console. In the illustrated embodiment each controller is constructed to accept two MUs, but more or fewer than two MUs may be used.

Game system 100 can play games, play music, and play video. Its other functions may use digital data stored on the hard disk drive, digital data read from optical storage disc 108 in drive 106, online resources, or digital data from MU 140. The game console is designed to prevent unauthorized video game discs from being played on it. Moreover, certain policies are enforced through the game console. For example, software sold in one geographic region cannot be played on a game console sold in a different geographic region. Further, an industry standard for preventing copying of video DVDs (MACROVISION™) is implemented by the game console software.

Some users want to defeat the functional restrictions and policies enforced by the game console. One way to circumvent these restrictions and policies is to install an integrated circuit (IC) or module in the game console that replaces the original ROM, and the code stored in ROM for use when the console boots up, with a modified version. The modifications to the machine instructions in these replacement modules are intended to operate during the boot-up process and to remove or alter the restrictions imposed by the console's manufacturer or designer to prevent use of unauthorized software, copying of video DVDs, and other functions and/or policies of the console. The present invention, however, makes it extremely difficult to insert an unauthorized replacement ROM module to change the boot-up process, and can detect an attempt to use substitute, unauthorized code during boot-up of the game console and terminate the boot-up process.

To prevent proprietary information related to the boot-up process from being discovered, and to prevent modified or altered code from being used during the boot-up process, […] within an IC on the circuit board as firmware. Preferably, an IC used for this purpose is one that is not commercially available, because it is custom-made for the manufacturer of the electronic device. Moreover, the IC used for this purpose is critical to the operation of the electronic device, so that if anyone attempts to extract the firmware embedded in that IC, both the operation of the IC and the operation of the electronic device will be adversely affected.

Figure 2A shows several IC components included in game console 100. A CPU 202 is the main processor and is used to carry out most of the processing functions of the game kernel. Like most general-purpose processors, CPU 202 must be booted up at the start so that it can perform the various functions the game kernel is designed to implement. CPU 202 is bidirectionally connected to a custom graphics processor, which is also the bus and memory control chip 204, manufactured by NVIDIA Corporation and designated the NV2A chip. The NV2A chip is connected to RAM 206 and to another NVIDIA custom chip, a media communications processor (MCP) 208 (which provides audio signal processing capability) that is connected to system memory and is also coupled to USB ports and an Ethernet port for data communication. Included within MCP 208 is a 512-bit firmware containing a boot code 212. Boot code 212 is essentially buried beneath the other layers of MCP 208 and cannot be obtained by opening up the module. To physically obtain boot code 212, the overlying layers would have to be removed, which would destroy the MCP module and render both the module and the game console unusable. Furthermore, because MCP 208 is custom-made for the game console manufacturer, it cannot be obtained by others on the open market. Even if the boot code were somehow obtained so that the machine instructions comprising this firmware could be "seen", the present invention would still make the boot-up process impossible to alter. MCP 208 is coupled to a ROM 210, which holds most of the machine instructions that game console 100 must use at boot-up.

A more general application of the present invention is shown in the component architecture of Figure 2B. A custom CPU 220 can include firmware boot code 222 "buried" within it, beneath the other CPU layers. As shown in Figure 2B, CPU 220 is coupled to RAM 206 and ROM 210. Because boot code 222 is firmware contained within CPU 220, the signals between the CPU's processing portion and boot code 222 cannot be accessed. It is therefore substantially more difficult, in the embodiment of Figure 2B, to obtain boot code 222 and determine its contents, so that the embodiment of Figure 2B can provide greater security than the embodiment of Figure 2A.

Figure 3 shows the different portions of ROM 210 used in the present invention. In the preferred embodiment, the ROM 210 used by game console 100 comprises a 256K-byte memory module. Included in ROM 210 is a preloader 230, which is not encrypted. In the preferred embodiment, preloader 230 has a fixed size of about 11K bytes, and its content, size, and location within ROM 210 are all predefined. Importantly, preloader 230 includes an encrypted public key 231. Equally important, the content of preloader 230 must be kept unchanged unless firmware boot code 212 is changed correspondingly, as will be made clear in the following description. ROM 210 also includes a boot loader 232, which is encrypted. In addition, ROM 210 includes a digital signature 234 and a symmetric key 236. Clearly, most of ROM 210 is used to store the machine instructions comprising a kernel 238. Kernel 238 is both compressed and encrypted. The machine instructions included in kernel 238 define most of the functionality of, and establish the policies associated with, game console 100. Finally, a chipset initialization code 240 is included and is executed when the game console is first powered up.

Figure 4 shows the logical steps carried out when game console 102 is powered up or reset. In step 250, chipset initialization code 240 in ROM 210 is executed. The machine instructions included in chipset initialization code 240 are not encrypted; they define configuration-specific information and configuration-specific procedures suitable for use in the complete game console architecture. The chipset configuration that must be carried out is included in the boot code; the specific procedure is part of the chipset initialization code. Moreover, the CPU's initialization procedure is included in the boot code and is executed before the remainder of the chipset initialization code. Next, at block 252, the machine instructions in firmware boot code 212, which is embedded in MCP 208, run a one-way hash algorithm to determine a hash value of preloader 230 in ROM 210. As noted above, in the original ROM 210 installed in game console 100 at the time it was manufactured, preloader 230 has a specific content, size, and location within ROM 210. Therefore, the hash value obtained by hashing the machine instructions in preloader 230 should always remain the same, so long as preloader 230 has not been altered or replaced by unauthorized code. In the preferred embodiment, a SHA-1 one-way hash algorithm is applied to hash the preloader. Alternatively, an MD5 hash algorithm can be used, and those skilled in the art will appreciate that other hash algorithms may also be used. The hash algorithm used is included in the machine instructions of boot code 212. Also included in boot code 212 is a stored hash value, which is the expected hash value of preloader 230, and a symmetric key.

In step 254, the stored hash value is loaded from the boot code. The machine instructions in boot code 212 compare the stored hash value from the boot code with the hash value determined for preloader 230 in step 252. The comparison is carried out in decision step 256, which determines whether the stored hash value equals the actual hash value just determined. If they are not equal, the machine instructions in boot code 212 execute step 258, which terminates the boot sequence of game console 102. Consequently, if a different ROM is substituted for the original ROM, the new or unauthorized ROM will not include an identical preloader portion, that is, one that produces the expected hash value when processed with the one-way hash algorithm, so decision step 256 will detect the change to preloader 230 and terminate the boot sequence.

Assuming the stored hash value equals the actually determined hash value, step 260 executes the machine instructions comprising the preloader code portion of ROM 210. This step can be carried out because the preloader machine instructions are now known to be identical to those originally included in the ROM installed in the game console by the game console manufacturer.

Next, step 262 determines a hash value of the entire ROM 210 except for digital signature 234. The preloader also includes machine instructions for determining a one-way hash value, preferably using the SHA-1 or MD5 hash algorithm (or any one-way hash algorithm known to those skilled in the art), to determine the hash value of most of the contents of ROM 210 (the digital signature is not included in the ROM contents that are hashed). So long as the same hash algorithm is used, the result will always be the same unless the machine instructions have been altered or replaced by unauthorized machine instructions. Changing even a single bit of the hashed machine instructions in ROM 210 will change the resulting hash value.

In step 264, public key 231 in ROM 210 is applied to digital signature 234 to produce a value corresponding to the digital signature. (Before the public key can be applied, it is decrypted with the symmetric key stored in the MCP's boot code; this step is unnecessary if the public key was not encrypted with that symmetric key.) Next, in decision step 266 of Figure 4, the machine instructions in preloader 230 determine whether the public key verifies the signature; this step determines whether the value from step 264 equals the hash value of the ROM determined in step 262. If not, step 268 stops the boot operation, because the signature in the ROM has been altered. As is well known, if the signature value was signed with a private key known only to the manufacturer of the game console, verification of the signature can be confirmed with a public key. If someone attacks game console 100 and attempts to change any portion of ROM 210, the resulting change in the hash value will be detected in step 266 and the boot sequence terminated in step 268. Conversely, if the digital signature matches the hash value of the ROM, the contents of the ROM are identical to the authorized original contents.

Assuming the value of the digital signature determined in step 264 confirms the hash value of the ROM in decision step 266, step 270 allows the boot to proceed to completion, with kernel 238 being copied into RAM 206 and then decompressed and decrypted in RAM. Preloader 230 includes machine instructions for decrypting the boot loader. The symmetric key held in the firmware boot code in the MCP is combined with symmetric key 236 in ROM 210 to produce a new symmetric key, which is used, according to the machine instructions in the preloader, to decrypt the boot loader.

The boot loader includes machine instructions for carrying out a stream cipher decryption of the compressed and encrypted kernel according to the RC4 stream cipher algorithm known to those skilled in the art. The machine instructions comprising the kernel, once decompressed and decrypted into RAM 206, can then be executed by CPU 202 to provide the full functionality of the game console, ensuring that it loads only authorized game software, executes algorithms that prevent copying of video DVDs, and enforces all other policies and functions intended by the game console manufacturer and defined in the authorized boot code.

Although the present invention has been described in connection with the preferred embodiment, those skilled in the art will understand that many changes may be made without departing from the scope of the invention as defined by the following claims. Accordingly, the scope of the invention is not limited by the above description but is defined entirely by the following claims.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing aspects and many of the attendant advantages of this invention will become more readily appreciated by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein:

Figure 1 is an isometric view of a game console using the present invention;
Figure 2A is a functional block diagram of several functional components included in the game console of Figure 1;
Figure 2B is a functional block diagram of a general electronic device;
Figure 3 is a schematic diagram showing the portions of a memory configured in accordance with the present invention; and
Figure 4 is a flow chart showing the logical operations of the present invention.

DESCRIPTION OF REFERENCE NUMERALS

100 video game system
102 game console
104a, 104b controllers
106 portable media drive
108 optical storage disc
110 slot
112 power button
114 eject button
120 audio/video (A/V) interface cable
122 power cord plug
124 data connector
130 USB cable
132a, 132b thumbsticks
134 D-pad
136 buttons
138 triggers
140 memory unit
202 central processing unit (CPU)
204 bus and memory control chip
206 RAM
208 media communications processor (MCP)
210 ROM
212 boot code
220 CPU
222 firmware boot code
230 preloader
231 public key
232 boot loader
234 digital signature
236 symmetric key
238 kernel
240 chipset initialization code
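The boot sequence of Figure 4 as a runnable simulation, added here as an example; it is not code from the patent or from any console manufacturer. It assumes a constructed ROM layout with fixed offsets, a toy textbook RSA key standing in for the real signature scheme, RC4 for both the boot loader and the kernel, and a key-combining function (SHA-1 over both keys plus a label) that the patent leaves open.

```python
import hashlib
import hmac
import zlib

# Toy RSA pair, constructed for this simulation: textbook RSA over two Mersenne primes, no padding.
P = (1 << 127) - 1                 # Mersenne prime M127
Q = (1 << 89) - 1                  # Mersenne prime M89
N = P * Q                          # ~216-bit modulus, larger than a 160-bit SHA-1 digest
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays with the manufacturer
SIG_LEN = 28                       # bytes needed to hold any value below N

def rsa_sign(digest: bytes) -> bytes:
    """Manufacturer side: signature = digest^D mod N. Never present on the device."""
    return pow(int.from_bytes(digest, "big"), D, N).to_bytes(SIG_LEN, "big")

def rsa_recover(signature: bytes, n: int, e: int) -> bytes:
    """Step 264: apply public key 231 to signature 234 to get the signed digest back."""
    return pow(int.from_bytes(signature, "big"), e, n).to_bytes(SIG_LEN, "big")[-20:]

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; one call both encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

# ROM 210 image layout, constructed with arbitrary but fixed sizes and offsets:
# [preloader 230][boot loader 232][symmetric key 236][signature 234][kernel 238 ...]
PRELOADER_LEN, BOOTLOADER_LEN, ROMKEY_LEN = 64, 32, 16
BOOTLOADER_OFF = PRELOADER_LEN
ROMKEY_OFF = BOOTLOADER_OFF + BOOTLOADER_LEN
SIG_OFF = ROMKEY_OFF + ROMKEY_LEN
KERNEL_OFF = SIG_OFF + SIG_LEN

def make_preloader(n: int, e: int) -> bytes:
    """Unencrypted preloader carrying public key 231 at a fixed place, padded to size."""
    return (b"PRELOADER" + n.to_bytes(SIG_LEN, "big") + e.to_bytes(4, "big")).ljust(PRELOADER_LEN, b"\0")

def derive_key(mcp_key: bytes, rom_key: bytes, purpose: bytes) -> bytes:
    """Combine the MCP firmware key with ROM key 236 (assumed function; the patent leaves it open)."""
    return hashlib.sha1(mcp_key + rom_key + purpose).digest()[:16]

def build_rom(preloader: bytes, boot_loader: bytes, kernel: bytes, mcp_key: bytes, rom_key: bytes) -> bytes:
    """Manufacturer side: encrypt the boot loader, compress and encrypt the kernel,
    then sign a SHA-1 taken over every field except the signature field itself."""
    assert len(boot_loader) == BOOTLOADER_LEN and len(rom_key) == ROMKEY_LEN
    bl_enc = rc4(derive_key(mcp_key, rom_key, b"bootloader"), boot_loader)
    k_enc = rc4(derive_key(mcp_key, rom_key, b"kernel"), zlib.compress(kernel))
    head = preloader + bl_enc + rom_key
    return head + rsa_sign(hashlib.sha1(head + k_enc).digest()) + k_enc

class BootHalted(Exception):
    """The boot sequence stopped at step 258 or step 268."""

def boot(rom: bytes, mcp_expected_hash: bytes, mcp_key: bytes):
    """Device side, Figure 4 steps 252-270. Returns the (boot loader, kernel) plaintexts."""
    preloader = rom[:PRELOADER_LEN]
    # 252-256: boot code 212 in the MCP hashes the fixed preloader region and compares it
    # with the value burned into its firmware (constant-time compare, a defender's habit).
    if not hmac.compare_digest(hashlib.sha1(preloader).digest(), mcp_expected_hash):
        raise BootHalted("step 258: preloader hash mismatch")
    # 260-262: the now-trusted preloader hashes the whole ROM except signature 234.
    rom_hash = hashlib.sha1(rom[:SIG_OFF] + rom[KERNEL_OFF:]).digest()
    # 264-266: public key 231, read from the preloader, must recover exactly that hash.
    n = int.from_bytes(preloader[9:9 + SIG_LEN], "big")
    e = int.from_bytes(preloader[9 + SIG_LEN:13 + SIG_LEN], "big")
    if not hmac.compare_digest(rsa_recover(rom[SIG_OFF:KERNEL_OFF], n, e), rom_hash):
        raise BootHalted("step 268: ROM signature does not verify")
    # 270: MCP key + ROM key 236 unlock the boot loader, which then RC4-decrypts
    # and decompresses kernel 238 into RAM.
    rom_key = rom[ROMKEY_OFF:SIG_OFF]
    boot_loader = rc4(derive_key(mcp_key, rom_key, b"bootloader"), rom[BOOTLOADER_OFF:ROMKEY_OFF])
    kernel = zlib.decompress(rc4(derive_key(mcp_key, rom_key, b"kernel"), rom[KERNEL_OFF:]))
    return boot_loader, kernel

# Constructed sample device: keys, image contents and the hash burned into the MCP.
MCP_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ROM_KEY = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")
PRELOADER = make_preloader(N, E)
MCP_EXPECTED_HASH = hashlib.sha1(PRELOADER).digest()
BOOT_LOADER = b"boot loader: rc4 + inflate".ljust(BOOTLOADER_LEN, b"\0")
KERNEL = b"kernel 238: load only authorised titles; " * 6
GOOD_ROM = build_rom(PRELOADER, BOOT_LOADER, KERNEL, MCP_KEY, ROM_KEY)

def try_boot(rom: bytes) -> str:
    """Run the sequence against the sample device; report 'booted' or where it halted."""
    try:
        boot(rom, MCP_EXPECTED_HASH, MCP_KEY)
        return "booted"
    except BootHalted as halt:
        return str(halt)
```

Flipping one bit in the preloader region halts at step 258 before any ROM code runs; flipping one bit anywhere else in the image (kernel, boot loader, key field or signature) halts at step 268.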

Claims (1)

1. A method for securely booting an electronic device by hashing code provided for execution during boot-up of the electronic device, the method comprising at least the steps of:
(a) hashing a predefined portion of the code to produce a first hash value;
(b) comparing the first hash value with a stored hash value held in a circuit component of the electronic device to confirm that the predefined portion of the code is authorized, wherein the circuit component is separate from the memory in which the code is stored;
(c) if the first hash value equals the stored hash value, permitting the predefined portion of the code to be executed, and if they are not equal, terminating boot-up of the electronic device;
(d) wherein executing the authorized predefined portion of the code carries out the steps of:
(i) hashing substantially all of the code to determine a second hash value; and
(ii) confirming whether a digital signature included in the code matches the second hash value, and if so, permitting the code to be executed, and if not, terminating boot-up of the electronic device.

2. The method of claim 1, wherein the step of comparing the first hash value with the stored hash value comprises the step of executing initial code held in a non-volatile storage portion of the circuit component, the initial code including the stored hash value.

3. The method of claim 2, wherein the initial code is held in an auxiliary processor.

4. The method of claim 2, wherein the initial code is held in one of:
(a) a graphics processor;
(b) an audio processor;
(c) an input processor;
(d) an output processor;
(e) a communications processor; and
(f) a digital signal processor.

5. The method of claim 2, wherein the initial code is held in a processor that executes the initial code.

6. The method of claim 2, wherein the initial code is executed to carry out steps (a) through (c) of claim 1.

7. The method of claim 2, wherein the initial code is permanently defined in firmware as a preset number of bytes.

8. The method of claim 1, wherein the predefined portion of the code comprises preloader code having a preset number of bytes located at a preset position within the code.

9. The method of claim 8, wherein the step of confirming the digital signature is carried out with a public key that is included in the preloader code.

10. A memory medium on which are recorded machine instructions for securely booting an electronic device by hashing code provided for execution during boot-up of the electronic device, the memory medium comprising at least:
(a) a kernel portion, in which a main portion of the machine instructions comprising the code is stored;
(b) a boot loader portion designed to load the machine instructions included in the kernel portion for execution by the electronic device;
(c) a preloader portion having a predefined number of bytes and a predefined content, the preloader portion being located at a predetermined position on the memory medium; and
(d) a digital signature portion providing a confirmation hash value for comparison with a hash value obtained by hashing the code, used in determining whether the code is authorized.

11. The memory medium of claim 10, wherein the preloader portion includes a public key usable for decrypting the signature portion.

12. The memory medium of claim 10, wherein the memory medium comprises a read-only memory.

13. The memory medium of claim 10, wherein the preloader portion includes machine instructions defining a one-way hash algorithm.

14. The memory medium of claim 10, wherein the preloader portion includes machine instructions that can verify the digital signature using a public key stored in the preloader portion.

15. The memory medium of claim 10, wherein the kernel portion is encoded.

16. The memory medium of claim 10, wherein the preloader portion includes machine instructions for carrying out a stream cipher decryption of the kernel portion.

17. The memory medium of claim 10, wherein the preloader portion includes at least one public key for verifying a signature signed with a corresponding private key.

18. An electronic device that boots securely by hashing code provided for execution during boot-up of the electronic device, the electronic device comprising at least:
(a) a non-volatile memory on which a plurality of machine codes are stored, the non-volatile memory including a main portion and a preloader portion whose content, size and position are predefined;
(b) a processor coupled to the non-volatile memory for executing the machine instructions; and
(c) a bootstrap code firmware component that specifies machine instructions defining a hash algorithm and an expected hash value, the machine instructions of the bootstrap code firmware being executed by the processor during boot-up of the electronic device, causing the processor to:
(i) hash the preloader portion of the non-volatile memory to determine a preloader hash value;
(ii) compare the expected hash value with the preloader hash value; and
(iii) terminate boot-up of the electronic device if the preloader hash value is not equal to the expected hash value.

19. The electronic device of claim 18, wherein the preloader portion of the non-volatile memory includes machine instructions that cause the processor to:
(a) hash the non-volatile memory to produce a memory hash value;
(b) compare the memory hash value with an expected memory hash value included in the preloader portion; and
(c) terminate boot-up of the electronic device if the memory hash value is not equal to the expected memory hash value.

20. The electronic device of claim 19, wherein the expected memory hash value is included in the non-volatile memory as a digital signature, but is excluded when the non-volatile memory is hashed.

21. The electronic device of claim 20, wherein the machine instructions in the preloader portion of the non-volatile memory further cause the processor to verify the digital signature in order to determine the expected memory hash value.

22. The electronic device of claim 20, wherein the machine instructions in the preloader portion of the non-volatile memory further cause the processor to apply a public key included in the preloader portion to verify the digital signature.

23. The electronic device of claim 18, wherein at least a part of the main portion of the non-volatile memory is encrypted, and wherein the preloader portion of the non-volatile memory includes machine instructions that cause the processor to decrypt the encrypted part of the main portion of the non-volatile memory, enabling boot-up of the electronic device to continue by executing the machine instructions included in the main portion of the non-volatile memory.

24. The electronic device of claim 18, wherein the bootstrap code firmware component is disposed in another component of the electronic device and is substantially inaccessible without destroying that other component such that the electronic device becomes inoperable.

25. The electronic device of claim 24, wherein the other component comprises an auxiliary processor.

26. The electronic device of claim 24, wherein the other component comprises one of:
(a) a graphics processor;
(b) an audio processor;
(c) an input processor;
(d) an output processor;
(e) a communications processor; and
(f) a digital signal processor.

27. The electronic device of claim 18, wherein the bootstrap code firmware component is disposed within the processor.

28. The electronic device of claim 18, wherein at least a part of the main portion of the non-volatile memory is encrypted, and wherein the preloader portion of the non-volatile memory includes:
(a) machine instructions defining a one-way hash algorithm;
(b) machine instructions for decoding at least the encrypted part of the main portion of the non-volatile memory;
(c) machine instructions comprising a boot loader; and
(d) at least one public key.

29. The electronic device of claim 18, wherein the electronic device comprises a game console.

VII. Designated representative figure

(1) The designated representative figure of this application is Figure 4.

(2) Reference numerals of the representative figure:
250 execute chipset initialization code
252 determine the hash value of the preloader portion of the ROM
254 load the stored hash value of the preloader
256 stored hash value = actual hash value?
258 stop boot operation
260 execute preloader code portion
262 determine the hash value of the entire ROM (except the signature)
264 apply the public key to the signature to determine the signature value
266 does the public key confirm that the signature is genuine?
268 stop boot operation
270 complete boot operation
TW092114953A 2002-06-07 2003-06-02 Method and memory medium having machine instructions for securely booting up electronic device by hashing code provided for execution during boot-up of electronic device and electronic device related therewith TWI292556B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/165,519 US6907522B2 (en) 2002-06-07 2002-06-07 Use of hashing in a secure boot loader

Publications (2)

Publication Number Publication Date
TW200401228A TW200401228A (en) 2004-01-16
TWI292556B true TWI292556B (en) 2008-01-11

Family

ID=29549377

Family Applications (1)

Application Number Title Priority Date Filing Date
TW092114953A TWI292556B (en) 2002-06-07 2003-06-02 Method and memory medium having machine instructions for securely booting up electronic device by hashing code provided for execution during boot-up of electronic device and electronic device related therewith

Country Status (10)

Country Link
US (2) US6907522B2 (en)
EP (1) EP1369764B1 (en)
JP (1) JP4052978B2 (en)
KR (1) KR100965717B1 (en)
CN (1) CN100492277C (en)
AT (1) ATE453162T1 (en)
AU (1) AU2003204376B2 (en)
DE (1) DE60330627D1 (en)
HK (1) HK1058561A1 (en)
TW (1) TWI292556B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9824220B2 (en) 2013-03-28 2017-11-21 International Business Machines Corporation Secure execution of software modules on a computer

Families Citing this family (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6675152B1 (en) * 2000-09-13 2004-01-06 Igt Transaction signature
US20020147918A1 (en) * 2001-04-05 2002-10-10 Osthoff Harro R. System and method for securing information in memory
US8708828B2 (en) 2001-09-28 2014-04-29 Igt Pluggable modular gaming modifiers and configuration templates for gaming environments
US7931533B2 (en) 2001-09-28 2011-04-26 Igt Game development architecture that decouples the game logic from the graphics logics
US6902481B2 (en) 2001-09-28 2005-06-07 Igt Decoupling of the graphical presentation of a game from the presentation logic
EP1338939A1 (en) * 2002-02-22 2003-08-27 Hewlett-Packard Company State validation device for a computer
US8140824B2 (en) * 2002-11-21 2012-03-20 International Business Machines Corporation Secure code authentication
US7194626B2 (en) * 2002-11-21 2007-03-20 International Business Machines Corporation Hardware-based secure code authentication
FR2849226B1 (en) * 2002-12-20 2005-12-02 Oberthur Card Syst Sa METHOD AND DEVICE FOR SECURING THE EXECUTION OF A COMPUTER PROGRAM
US8784195B1 (en) * 2003-03-05 2014-07-22 Bally Gaming, Inc. Authentication system for gaming machines
EP1465038B1 (en) * 2003-04-03 2013-03-27 STMicroelectronics (Research & Development) Limited Memory security device for flexible software environment
US7171563B2 (en) * 2003-05-15 2007-01-30 International Business Machines Corporation Method and system for ensuring security of code in a system on a chip
US7725740B2 (en) * 2003-05-23 2010-05-25 Nagravision S.A. Generating a root key for decryption of a transmission key allowing secure communications
US7475254B2 (en) * 2003-06-19 2009-01-06 International Business Machines Corporation Method for authenticating software using protected master key
US7434231B2 (en) * 2003-06-27 2008-10-07 Intel Corporation Methods and apparatus to protect a protocol interface
FR2867929B1 (en) * 2004-03-19 2007-03-02 Gemplus Card Int METHOD FOR DYNAMIC AUTHENTICATION OF PROGRAMS BY AN ELECTRONIC PORTABLE OBJECT
JP4544901B2 (en) * 2004-04-19 2010-09-15 株式会社日立製作所 Storage control system and boot control system
US20050262337A1 (en) * 2004-05-24 2005-11-24 Siemens Vdo Automotive Corporation Method and device for determining flash software compatibility with hardware
JP4447977B2 (en) 2004-06-30 2010-04-07 富士通マイクロエレクトロニクス株式会社 Secure processor and program for secure processor.
US7694121B2 (en) * 2004-06-30 2010-04-06 Microsoft Corporation System and method for protected operating system boot using state validation
US7937593B2 (en) * 2004-08-06 2011-05-03 Broadcom Corporation Storage device content authentication
DE102004047191A1 (en) * 2004-09-29 2006-04-06 Robert Bosch Gmbh Tamper-proof microprocessor system and operating method therefor
US8954738B2 (en) * 2004-11-22 2015-02-10 Core Wireless Licensing, S.a.r.l. Method and device for verifying the integrity of platform software of an electronic device
KR100654446B1 (en) * 2004-12-09 2006-12-06 삼성전자주식회사 Apparatus and method for Secure booting
US7725703B2 (en) * 2005-01-07 2010-05-25 Microsoft Corporation Systems and methods for securely booting a computer with a trusted processing module
US8181020B2 (en) * 2005-02-02 2012-05-15 Insyde Software Corp. System and method for securely storing firmware
US7722468B2 (en) * 2005-03-09 2010-05-25 Igt Magnetoresistive memory units as read only memory devices in gaming machines
US7736234B2 (en) * 2005-03-09 2010-06-15 Igt MRAM as critical event storage for powered down gaming machines
US20060205513A1 (en) * 2005-03-09 2006-09-14 Igt MRAM as nonvolatile safe storage for power hit and ESD tolerance in gaming machines
US20060236122A1 (en) * 2005-04-15 2006-10-19 Microsoft Corporation Secure boot
CN102142070B (en) * 2005-09-14 2013-11-06 桑迪士克科技公司 Hardware driver integrity check of memory card controller firmware
US8966284B2 (en) 2005-09-14 2015-02-24 Sandisk Technologies Inc. Hardware driver integrity check of memory card controller firmware
KR100675186B1 (en) 2005-09-29 2007-01-30 엘지전자 주식회사 A mobile communication terminal having a function of hashing user or subscriber information and the booting method thereof
WO2007041501A2 (en) * 2005-09-30 2007-04-12 Phoenix Technologies Ltd. Secure execution environment by preventing execution of unauthorized boot loaders
US20070101156A1 (en) * 2005-10-31 2007-05-03 Manuel Novoa Methods and systems for associating an embedded security chip with a computer
US20090285280A1 (en) 2005-11-29 2009-11-19 Thomas Patrick Newberry Method and Apparatus for Securing Digital Content
EP2030124A4 (en) * 2006-05-24 2012-12-12 Safend Ltd Method and system for defending security application in a user's computer
EP1868127A1 (en) * 2006-06-15 2007-12-19 Thomson Telecom Belgium Device comprising a public and a private area and a method for securely initializing the device
US8117429B2 (en) * 2006-11-01 2012-02-14 Nokia Corporation System and method for a distributed and flexible configuration of a TCG TPM-based local verifier
US8254568B2 (en) 2007-01-07 2012-08-28 Apple Inc. Secure booting a computing device
US8239688B2 (en) 2007-01-07 2012-08-07 Apple Inc. Securely recovering a computing device
US8291480B2 (en) 2007-01-07 2012-10-16 Apple Inc. Trusting an unverified code image in a computing device
US20080178257A1 (en) * 2007-01-20 2008-07-24 Takuya Mishina Method for integrity metrics management
US7617493B2 (en) * 2007-01-23 2009-11-10 International Business Machines Corporation Defining memory indifferent trace handles
KR101209252B1 (en) * 2007-02-02 2012-12-06 삼성전자주식회사 Booting method and boot authentication method for electronic device
JP4903818B2 (en) * 2007-02-09 2012-03-28 株式会社エヌ・ティ・ティ・ドコモ Terminal device and software inspection method
US20080222428A1 (en) * 2007-03-07 2008-09-11 Andrew Dellow Method for Securing Authenticity of Data in a Digital Processing System
KR101427646B1 (en) * 2007-05-14 2014-09-23 삼성전자주식회사 Method and apparatus for checking integrity of firmware
US8422674B2 (en) * 2007-05-29 2013-04-16 International Business Machines Corporation Application-specific secret generation
US8332635B2 (en) * 2007-05-29 2012-12-11 International Business Machines Corporation Updateable secure kernel extensions
US8433927B2 (en) * 2007-05-29 2013-04-30 International Business Machines Corporation Cryptographically-enabled privileged mode execution
WO2009013825A1 (en) * 2007-07-25 2009-01-29 Panasonic Corporation Information processor and tampering verification method
US8068614B2 (en) * 2007-09-28 2011-11-29 Intel Corporation Methods and apparatus for batch bound authentication
US8332636B2 (en) * 2007-10-02 2012-12-11 International Business Machines Corporation Secure policy differentiation by secure kernel design
US8166304B2 (en) * 2007-10-02 2012-04-24 International Business Machines Corporation Support for multiple security policies on a unified authentication architecture
US20090172420A1 (en) * 2007-12-31 2009-07-02 Kabushiki Kaisha Toshiba Tamper resistant method and apparatus for a storage device
KR101502032B1 (en) * 2008-03-06 2015-03-12 삼성전자주식회사 Processor apparatus having secure performance
AU2009201191A1 (en) * 2008-03-26 2009-10-15 Aristocrat Technologies Australia Pty Limited A gaming machine
US8150039B2 (en) 2008-04-15 2012-04-03 Apple Inc. Single security model in booting a computing device
CN101299849B (en) * 2008-04-25 2010-05-12 ZTE Corporation WiMAX terminal and starting method thereof
DE102008021567B4 (en) * 2008-04-30 2018-03-22 Globalfoundries Inc. Computer system with secure boot mechanism based on symmetric key encryption
US9122864B2 (en) * 2008-08-05 2015-09-01 International Business Machines Corporation Method and apparatus for transitive program verification
US20100064125A1 (en) * 2008-09-11 2010-03-11 Mediatek Inc. Programmable device and booting method
US9653004B2 (en) * 2008-10-16 2017-05-16 Cypress Semiconductor Corporation Systems and methods for downloading code and data into a secure non-volatile memory
US8832454B2 (en) * 2008-12-30 2014-09-09 Intel Corporation Apparatus and method for runtime integrity verification
US8806220B2 (en) 2009-01-07 2014-08-12 Microsoft Corporation Device side host integrity validation
DE102010005726A1 (en) * 2010-01-26 2011-07-28 Giesecke & Devrient GmbH Method for assigning a portable data carrier, in particular a chip card, to a terminal
KR20120092222A (en) 2011-02-11 2012-08-21 Samsung Electronics Co., Ltd. Secure boot method and method of generating a secure boot image
JP2014170255A (en) * 2011-06-29 2014-09-18 Panasonic Corp Secure boot method
GB2509001B (en) * 2011-09-30 2020-08-05 Hewlett Packard Development Co Option read-only memory use
TW201346764A (en) * 2012-05-11 2013-11-16 Ibase Technology Inc Booting security software method
US9671945B2 (en) * 2013-12-17 2017-06-06 American Megatrends, Inc. Techniques of launching virtual machine from thin client
US20150286823A1 (en) * 2014-04-07 2015-10-08 Qualcomm Incorporated System and method for boot sequence modification using chip-restricted instructions residing on an external memory device
GB2525409B (en) * 2014-04-24 2016-11-02 Ibm Enabling an external operating system to access encrypted data units of a data storage system
US9195831B1 (en) 2014-05-02 2015-11-24 Google Inc. Verified boot
US10387652B2 (en) * 2015-04-17 2019-08-20 Hewlett Packard Enterprise Development Lp Firmware map data
US20160314288A1 (en) * 2015-04-22 2016-10-27 Qualcomm Incorporated Method and apparatus for write restricted storage
US10176094B2 (en) * 2015-06-30 2019-01-08 Renesas Electronics America Inc. Common MCU self-identification information
BR112017023452B1 (en) * 2015-07-31 2022-12-20 Hewlett-Packard Development Company, L.P. Apparatus comprising imaging supplies
WO2017066194A1 (en) 2015-10-11 2017-04-20 Renesas Electronics America Inc. Data driven embedded application building and configuration
US9916452B2 (en) 2016-05-18 2018-03-13 Microsoft Technology Licensing, Llc Self-contained cryptographic boot policy validation
US10365961B2 (en) * 2016-09-09 2019-07-30 Dell Products L.P. Information handling system pre-boot fault management
KR102538096B1 (en) * 2016-09-13 2023-05-31 Samsung Electronics Co., Ltd. Device and method of verify application
CN106778283B (en) 2016-11-21 2020-04-07 Huizhou TCL Mobile Communication Co., Ltd. Method and system for protecting key data of system partition
US11263326B2 (en) 2017-06-02 2022-03-01 Apple Inc. Method and apparatus for secure system boot
US10417429B2 (en) 2017-06-02 2019-09-17 Apple Inc. Method and apparatus for boot variable protection
WO2020027815A1 (en) * 2018-07-31 2020-02-06 Hewlett-Packard Development Company, L.P. Executing instructions
CN112805703A (en) 2018-10-12 2021-05-14 Mitsubishi Electric Corporation Software verification device, software verification method, and software verification program
CN110262840B (en) * 2019-06-17 2023-01-10 Guangdong OPPO Mobile Telecommunications Corp., Ltd. Equipment starting monitoring method and related product
US11960608B2 (en) * 2021-04-29 2024-04-16 Infineon Technologies Ag Fast secure booting method and system

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4654480A (en) * 1985-11-26 1987-03-31 Weiss Jeffrey A Method and apparatus for synchronizing encrypting and decrypting systems
WO1993017388A1 (en) * 1992-02-26 1993-09-02 Clark Paul C System for protecting computers via intelligent tokens or smart cards
US5643086A (en) * 1995-06-29 1997-07-01 Silicon Gaming, Inc. Electronic casino gaming apparatus with improved play capacity, authentication and security
AU6282096A (en) * 1995-06-29 1997-01-30 Silicon Gaming, Inc. Electronic casino gaming system with improved play capacity, authentication and security
JP3293760B2 (en) 1997-05-27 2002-06-17 NEC Information Systems, Ltd. Computer system with tamper detection function
US5919257A (en) * 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
US6704871B1 (en) * 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US6185678B1 (en) * 1997-10-02 2001-02-06 Trustees Of The University Of Pennsylvania Secure and reliable bootstrap architecture
US6378072B1 (en) * 1998-02-03 2002-04-23 Compaq Computer Corporation Cryptographic system
US6401208B2 (en) * 1998-07-17 2002-06-04 Intel Corporation Method for BIOS authentication prior to BIOS execution
US6081890A (en) * 1998-11-30 2000-06-27 Intel Corporation Method of communication between firmware written for different instruction set architectures
US6263431B1 (en) * 1998-12-31 2001-07-17 Intel Corporation Operating system bootstrap security mechanism
US6988250B1 (en) * 1999-02-15 2006-01-17 Hewlett-Packard Development Company, L.P. Trusted computing platform using a trusted device assembly
US6625730B1 (en) * 2000-03-31 2003-09-23 Hewlett-Packard Development Company, L.P. System for validating a bios program and memory coupled therewith by using a boot block program having a validation routine
US20040064457A1 (en) * 2002-09-27 2004-04-01 Zimmer Vincent J. Mechanism for providing both a secure and attested boot

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9824220B2 (en) 2013-03-28 2017-11-21 International Business Machines Corporation Secure execution of software modules on a computer

Also Published As

Publication number Publication date
KR20030095301A (en) 2003-12-18
AU2003204376A1 (en) 2004-01-08
DE60330627D1 (en) 2010-02-04
US20030229777A1 (en) 2003-12-11
ATE453162T1 (en) 2010-01-15
CN1469238A (en) 2004-01-21
AU2003204376B2 (en) 2009-11-26
EP1369764A3 (en) 2005-05-18
CN100492277C (en) 2009-05-27
TW200401228A (en) 2004-01-16
JP4052978B2 (en) 2008-02-27
JP2004013905A (en) 2004-01-15
US6907522B2 (en) 2005-06-14
EP1369764A2 (en) 2003-12-10
US7676840B2 (en) 2010-03-09
KR100965717B1 (en) 2010-06-24
HK1058561A1 (en) 2004-05-21
US20050138270A1 (en) 2005-06-23
EP1369764B1 (en) 2009-12-23

Similar Documents

Publication Publication Date Title
TWI292556B (en) Method and memory medium having machine instructions for securely booting up electronic device by hashing code provided for execution during boot-up of electronic device and electronic device related therewith
TWI283120B (en) Method, apparatus for securing digital data and enforcing a secure policy
US8972723B2 (en) Storage device and method for providing a partially-encrypted content file to a host device
US9135417B2 (en) Apparatus for generating secure key using device and user authentication information
EP1638031B1 (en) System and method for secure execution of program code
EP1423771B1 (en) Method to protect software against unauthorized use
KR101657613B1 (en) Backing up digital content that is stored in a secured storage device
RU2388051C2 (en) Random password, automatically generated by basic input/output (bios) system for protecting data storage device
EP1785902B1 (en) Decryption key table access control on ASIC or ASSP
US9015479B2 (en) Host device and method for super-distribution of content protected with a localized content encryption key
EP2037388A1 (en) Certifying device, verifying device, verifying system, computer program and integrated circuit
US20020116632A1 (en) Tamper-resistant computer system
TW200941278A (en) Secure update of boot image without knowledge of secure key
US20130156196A1 (en) Storage Device and Method for Super-Distribution of Content Protected with a Localized Content Encryption Key
TWI598764B (en) Content protection via online servers and code execution in a secure operating system
US9075999B2 (en) Memory device and method for adaptive protection of content
JP4541901B2 (en) Portable authority granting device and related method for authorizing use of protected information
TW201843616A (en) Data center with data encryption and operating method therefor
US8171565B2 (en) Systems and methods for locally generating license and activating DRM agent
KR101450131B1 (en) Methods and apparatuses for accessing content based on a session ticket
TW202219804A (en) File encryption method, file encryption software executing the method and storage device installed with the file encryption software limiting at least one file to be opened in at least one designated hardware device
KR20100055713A (en) Apparatus and method for booting system in portable terminal

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees